MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 246d20bf01d69d4ffbfba3517ff12fa8e8d76ea7d1d3ece4643238948d90e226. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 246d20bf01d69d4ffbfba3517ff12fa8e8d76ea7d1d3ece4643238948d90e226
SHA3-384 hash: 17909a070afaa6ba270d713c4bf73c69cf2307cebd1472f9b3acd0cabb90cdf0af713b6d0b444d85ba2612d4544502a4
SHA1 hash: 779889cec5703d58083d14a2af354868d475f0cf
MD5 hash: 38553df2489366424830cf7b1fc6c8a0
humanhash: stairway-xray-yankee-cat
File name:BID7000222453-0716-20.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-07-16 19:12:38 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:O3Qq444444444444444c2k4zU+ScZa1scv4rZkbdAXt25XF1fv4:Ogq444444444444444zVkbdAX
TLSH 7745F0DC2EA4D121DAAD5EB94D72DA3162346D45F9F2F28933D8BE4F3B32341E542212
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: alp.alphagrupo.com
Sending IP: 96.125.172.31
From: BARBARA ILONA NUNEZ GUZMAN <BNune0004@contratistas.codelco.cl>
Subject: LicitaciĆ³n 7000222453.
Attachment: BID7000222453-0716-20.IMG (contains "BID7000222453-0716-20.exe")

AgentTesla SMTP exfil server:
mail.mehatinfo.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CAP_HookExKeylogger.27898.4941.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/246d20bf01d69d4ffbfba3517ff12fa8e8d76ea7d1d3ece4643238948d90e226/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 18:11:04 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=erwsbpyb22ou7673unix74jpvduno3vh2hj6zzdegi4jjdmq4ita._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 246d20bf01d69d4ffbfba3517ff12fa8e8d76ea7d1d3ece4643238948d90e226

(this sample)

AgentTesla

Executable exe 753688c06533ff22d08293f57122f3643401e828aa4766887951093de3239b83

  
Dropping
MD5 cc64a55359432137844064dc284c57a4
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 753688c06533ff22d08293f57122f3643401e828aa4766887951093de3239b83

Comments